[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 3 21:10:36 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6dfce36a by security tracker role at 2022-09-03T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-3118
+ RESERVED
CVE-2022-39808
RESERVED
CVE-2022-39807
@@ -1256,8 +1258,8 @@ CVE-2022-39199
RESERVED
CVE-2022-39198
RESERVED
-CVE-2022-3099
- RESERVED
+CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0359. ...)
+ TODO: check
CVE-2022-3098
RESERVED
CVE-2022-3097
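Review bot: CVE-2022-3099 is left at "TODO: check" although its new description already names the affected project and the fixed release (vim/vim prior to 9.0.0359). Follow-up triage should replace the TODO with a package status line and a "NOTE: Fixed by:" line for the upstream commit, in the same form the rails entries in this file use.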
@@ -19625,6 +19627,7 @@ CVE-2022-32225 (A reflected DOM-Based XSS vulnerability has been discovered in t
NOT-FOR-US: Veeam
CVE-2022-32224
RESERVED
+ {DLA-3093-1}
- rails 2:6.1.6.1+dfsg-1 (bug #1016140)
NOTE: https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
NOTE: Fixed by: https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a (main)
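Review bot: at CVE-2022-32224 the {DLA-3093-1} reference is attached to an entry whose description is still RESERVED, so this file shows a fixed version, a bug number and an LTS advisory but no summary of the issue. Until the description is refreshed from the published CVE record, the GHSA link in the NOTE is the only pointer here to what the issue is.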
@@ -32953,6 +32956,7 @@ CVE-2022-27778 (A use of incorrectly resolved name vulnerability fixed in 7.83.1
NOTE: https://curl.se/docs/CVE-2022-27778.html
NOTE: Fixed by: https://github.com/curl/curl/commit/8c7ee9083d0d719d0a77ab20d9cc2ae84eeea7f3 (curl-7_83_1)
CVE-2022-27777 (A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5. ...)
+ {DLA-3093-1}
- rails 2:6.1.6.1+dfsg-1 (bug #1016982)
NOTE: https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
NOTE: Fixed by: https://github.com/rails/rails/commit/123f42a573f7fcbf391885c135ca809f21615180 (v6.1.5.1)
@@ -45748,6 +45752,7 @@ CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `
NOTE: https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb (v5.6.3)
NOTE: Related issue to CVE-2022-23633 for src:rails
CVE-2022-23633 (Action Pack is a framework for handling and responding to web requests ...)
+ {DLA-3093-1}
- rails 2:6.1.4.6+dfsg-1 (bug #1005389)
NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/5
NOTE: Fixed by: https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545 (v6.1.4.5)
@@ -49663,6 +49668,7 @@ CVE-2022-22579 (An information disclosure issue was addressed with improved stat
CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2022-22577 (An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that co ...)
+ {DLA-3093-1}
- rails 2:6.1.6.1+dfsg-1 (bug #1011941)
NOTE: https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533
NOTE: https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (v6.1.5.1)
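Review bot: the description on the CVE-2022-22577 context line reads ">= 5.2.0 and < 5.2.0", a range that matches no version, so the affected versions for the entry now tagged {DLA-3093-1} cannot be read from this text. Check the range against the discuss.rubyonrails.org announcement linked in the NOTE and have the description corrected at its source.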
@@ -55214,6 +55220,7 @@ CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding secur
CVE-2022-21832
RESERVED
CVE-2022-21831 (A code injection vulnerability exists in the Active Storage >= v5.2 ...)
+ {DLA-3093-1}
- rails 2:6.1.4.7+dfsg-1 (bug #1011940)
NOTE: https://github.com/advisories/GHSA-w749-p3v6-hccq
NOTE: https://github.com/rails/rails/commit/b0b5eaf477c907819ead1808d09bfaae3eb4cc54 (v6.1.4.7)
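Review bot: the commit NOTE under CVE-2022-21831 gives the rails commit URL without the "Fixed by:" prefix that the CVE-2022-32224, CVE-2022-27777 and CVE-2022-23633 entries use; the CVE-2022-22577 entry has the same gap. Since these entries now share {DLA-3093-1}, prefix both URLs with "Fixed by:" so the fixing commits are marked consistently across the advisory.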
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dfce36a51397e6fee844ce41427a0fa848756f6